Date: Thu, 12 Aug 1999 01:09:33 +0400
From: "Andrey E. Lerman" <lae@uniyar.ac.ru>
To: Mike Hoskins <mike@snafu.adept.org>
Cc: freebsd-security@freebsd.org
Subject: Re: info on suid/sgid files
Message-ID: <19990812010933.A6691@univ.uniyar.ac.ru>
In-Reply-To: <Pine.BSF.4.10.9908110114490.71398-100000@snafu.adept.org>; from Mike Hoskins on Wed, Aug 11, 1999 at 01:40:00AM -0700
References: <19990811043211.X16510@uniyar.ac.ru> <Pine.BSF.4.10.9908110114490.71398-100000@snafu.adept.org>
On Wed, Aug 11, 1999 at 01:40:00AM -0700, Mike Hoskins wrote:
> On Wed, 11 Aug 1999, Andrey E. Lerman wrote:
>
> > It would be nice if info about need of increased privileges
> > needed for given program would be clearly stated in manpage.
>
> I'm not sure how much info is needed about increased privileges...
> There's a lot of writeups (CERT's security checklist and an article I did
> for the FreeBSD 'Zine to name a couple) that already say 'If you don't
> need it ... turn it off'. Beyond saying that, I'd hope the admin could...
>
> Type: find / \( -perm -2000 -o -perm -4000 \) -print > audit.log
>       more audit.log

Actually, this is done every day in cron job.

> Think: 'I only need foo, I'll chmod the others appropriately.'
>
> Man pages generally do mention files they need/use... From which you can
> decide which users or groups need access to what files for a system to
> function appropriately.

I just want to know "what will change if I turn that bit off".
I saw references to files, but, say, manpage for ps mentions
/dev/kmem, /kernel, etc. but it isn't clear what it will use those
files/devices for. I killed suid on ps and it continues working for me.
I haven't tested it fully though.

Sometimes I don't have the machine to experiment on. I will have problems
if I screw something up which will be fatal to users' operation
(such as users will not be able to do their job).
In my case situation is better as I don't really have many shell accounts
on that machine.

--
Andrey E. Lerman @ Yaroslavl State University
ICQ: 9418370, primary email: lae@uniyar.ac.ru
[Lae] on IRCNet

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
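
The daily cron check mentioned in the message, extended to report which setuid/setgid bits appeared or disappeared since the previous run. This is an added example, not part of the original e-mail; the function names, the baseline file path and the `-xdev`/`-type f` restrictions are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): daily setuid/setgid audit that reports
# what changed since the last run. Function names and paths are assumptions.

# list_setid ROOT
# Print one "setuid PATH" or "setgid PATH" line per regular file under ROOT
# that carries the bit, staying on ROOT's filesystem (-xdev). A file with
# both bits appears twice, once per bit.
list_setid() {
    {
        find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$1" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
    } | LC_ALL=C sort
}

# audit_setid ROOT BASELINE
# Diff the current list against BASELINE, print "+ ..." for bits that appeared
# and "- ..." for bits that were removed, then make the current list the new
# baseline. Returns 0 when nothing changed, 1 when there is something to review.
audit_setid() {
    root=$1
    baseline=$2
    current=$(mktemp) || return 2
    list_setid "$root" > "$current"
    [ -f "$baseline" ] || : > "$baseline"    # first run: every entry is new
    changes=$(
        LC_ALL=C comm -13 "$baseline" "$current" | sed 's/^/+ /'
        LC_ALL=C comm -23 "$baseline" "$current" | sed 's/^/- /'
    )
    mv "$current" "$baseline"
    [ -n "$changes" ] || return 0
    printf '%s\n' "$changes"
    return 1
}

# Cron usage (hypothetical path): sh setid-audit.sh / /var/db/setid.baseline
if [ $# -eq 2 ]; then
    audit_setid "$1" "$2"
fi
```

Because of `-xdev`, a run against `/` covers only the root filesystem; run it once per mounted filesystem to cover the rest.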